CVE-2006-3454
https://notcve.org/view.php?id=CVE-2006-3454
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. • http://layereddefense.com/SAV13SEPT.html http://secunia.com/advisories/21884 http://securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html http://securitytracker.com/id?1016842 http://www.securityfocus.com/archive/1/446041/100/0/threaded http://www.securityfocus.com/archive/1/446293/100/0/threaded http://www.securityfocus.com/bid/19986 http://www.vupen.com/english/advisories/2006/3599 https://exchange.xforce.ibmcloud.com/vulnerabilities/28936 •
CVE-2006-2630 – Symantec Remote Management - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2630
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. • https://www.exploit-db.com/exploits/16830 http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046355.html http://secunia.com/advisories/20318 http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html http://securitytracker.com/id?1016161 http://securitytracker.com/id?1016162 http://www.eeye.com/html/research/upcoming/20060524.html http://www.kb.cert.org/vuls/id/404910 http://www.securityfocus.com/archive/1/435200/100/0/threaded http://www.secur •
CVE-2006-0232
https://notcve.org/view.php?id=CVE-2006-0232
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. • http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html http://secunia.com/advisories/19734 http://securityreason.com/securityalert/758 http://securityreason.com/securityalert/759 http://securitytracker.com/id?1015974 http://www.securityfocus.com/archive/1/431728/100/0/threaded http://www.securityfocus.com/archive/1/431734/100/0/threaded http://www.securityfocus.com/bid/17637 http://www.symantec.com/avcenter/security/Content/2006.04.21.html http://www.vupen.com/english •
CVE-2006-0231
https://notcve.org/view.php?id=CVE-2006-0231
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. • http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0011.html http://secunia.com/advisories/19734 http://securitytracker.com/id?1015974 http://www.securityfocus.com/archive/1/431725/100/0/threaded http://www.securityfocus.com/archive/1/431734/100/0/threaded http://www.securityfocus.com/bid/17637 http://www.symantec.com/avcenter/security/Content/2006.04.21.html http://www.vupen.com/english/advisories/2006/1464 https://exchange.xforce.ibmcloud.com/vulnerabilities/25973 •
CVE-2006-0230 – Symantec Scan Engine 5.0.x - Change Admin Password
https://notcve.org/view.php?id=CVE-2006-0230
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests. • https://www.exploit-db.com/exploits/1703 http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html http://secunia.com/advisories/19734 http://www.kb.cert.org/vuls/id/118388 http://www.securityfocus.com/archive/1/431724/100/0/threaded http://www.securityfocus.com/archive/1/431734/100/0/threaded http://www.securityfocus.com/bid/17637 http://www.symantec.com/avcenter/security/Content/2006.04.21.html http://www.vupen.com/english/advisories/2006/1464 https:/ •